[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- To: "Marc Maiffret" <mmaiffret@eeye.com>
- Subject: Re: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- From: Papp Geza <pappgeza@tolna.net>
- Date: Tue, 10 Feb 2004 21:21:54 +0100
Hello Maiffret
2004. február 10., 19:30:47, írtad:
Hello,
Yes - this is two worm, that use the Mydoom backdoor`s. This is not
"binaris" and not is .zip archive.
This twoo worm are hexa. and is padked to UPX. My attachement picture
from worm W32/Doomjuice.worm.a,aliases: W32.HLLW.Doomjuice, WORM_DOOMJUICE.A,
Win32.Doomjuice.A, Worm.Win32.Doomjuice
From second worm i`have not pitures, but description...
The worm is comlex. W32/Deadhat-A
Aliases :
Win32.Vesser.A, W32.HLLW.Deadhat, Vesser, W32/Vesser.worm.a
--
Üdvözlettel,
Geysap mailto:pappgeza@tolna.net
www.gyik.com
"VIRUS CORE TEAM"
====================================
Fiat justitia, pereat mundus!
------------------------------------
we protect your digital worlds...
====================================
--
Üdvözlettel,
Geysap mailto:pappgeza@tolna.net
www.gyik.com
"VIRUS CORE TEAM"
====================================
Fiat justitia, pereat mundus!
------------------------------------
we protect your digital worlds...
====================================
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html